Privacy policy

Hiscox is committed to protecting your data. This Privacy Notice explains what data we collect from you and how we use that information. This will depend on whether you are a customer, broker, another insurer or a supplier. It will also depend on what type of policy you take out with us, or if you just decide to quote or use our website for example.

We also tell you about your privacy rights and what actions are available to you.

It may also be helpful to read the website terms and conditions as well as our Cookie Policy.

Hiscox is an international insurance business. We offer insurance to individuals, companies and other insurers. We do this both by providing insurance ourselves and by placing insurance with other insurers. We also offer insurance to other insurers; this is known as "reinsurance". 

We collect information about you so we can provide you with a quote and an insurance policy, and deal with any claims, queries or complaints that you might have. This makes Hiscox a "data controller" of your data. 

At Hiscox we trade under a number of legal companies. The specific company relevant to your policy will be stated in the documents we provide to you and may be:

Hiscox Syndicates Limited, company number 02590623, registered address: Hiscox, 22 Bishopsgate, London, EC2N 4BQ.

Hiscox Underwriting Services Limited, company number 03294530, registered address: Hiscox, 22 Bishopsgate, London, EC2N 4BQ.

Hiscox Underwriting Ltd, company number 02372789, registered address: Hiscox, 22 Bishopsgate, London, EC2N 4BQ.

Hiscox Insurance Company Limited, company number 00070234, registered address: Hiscox, 22 Bishopsgate, London, EC2N 4BQ.

Hiscox Underwriting Group Services Limited, company number 04137419, registered address: Hiscox, 22 Bishopsgate, London, EC2N 4BQ.

If you aren’t sure which company is relevant to you, you can contact us by e-mailing [email protected] or writing to us at Data Protection Officer, Hiscox, 22 Bishopsgate, London, EC2N 4BQ.

Insurance within the Lloyd’s market means that your data may be used and shared by a number of insurance market participants such as intermediaries, insurers and reinsurers. The London Insurance Market Core Uses Information Notice, https://www.lmalloyds.com/GDPR gives more information on why this is necessary and is a useful document for you to review. Our core uses and disclosures are consistent with the London Market Core Uses Information Notice.

We work in partnership with the Motor Insurers’ Bureau (MIB) and associated not-for-profit companies who provide several services on behalf of the insurance industry. At every stage of your insurance journey, the MIB will be processing your personal information and more details about this can be found via their website: https://www.mib.org.uk/

We’ve set out brief details of the sorts of activity the MIB do: 

  • Checking your driving licence number against the DVLA driver database to obtain driving licence data to help calculate your insurance quote and prevent fraud. This includes driving conviction data.

  • Checking your ‘No Claims Bonus’ entitlement and claims history.

  • Prevent, detect and investigate fraud and other crime, by carrying out fraud checks.

  • Maintaining databases of:
    - Insured vehicles (Motor Insurance & Policy Data or Motor Insurance Database)
    - Vehicles which are stolen or not legally permitted on the road (Vehicle Salvage & Theft Data or MIAFTR).
    - Motor, personal injury and home claims (CUE).
    - Employers’ Liability Insurance Policies (Employers’ Liability Database).
    - Managing insurance claims relating to untraced and uninsured drivers in the UK and abroad.
    - Working with law enforcement to prevent uninsured vehicles being used on the roads.

  • Supporting insurance claims processes.

Personal information is any information about you that you can be identified from. We’ll collect different personal information depending on whether you are a Hiscox policyholder, a beneficiary under a Hiscox insurance policy, a claimant, a witness, a broker or another third party.

In certain circumstances, we will request or receive your “sensitive personal information”. This is  information relating to your health, genetic or biometric data, criminal convictions, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership. 

If you provide personal information about other individuals, for example, members of your family, you need to provide them with a link to this notice or tell them how their data will be used by us. 

Please click on the relevant section below for detailed information about the types of personal information we are likely to collect and use about you in different circumstances.

Policyholder or beneficiary (or prospective policyholders or beneficiaries) under an insurance policy

If you apply for or take out an insurance policy with us directly this section is relevant for you. This could be a household policy, or you could be an applicant or beneficiary under a policy that someone else has applied for or has with us. For example, a named driver on a motor policy.

What personal information will we collect?

  • General information - your name, address, contact details, date of birth, nationality, gender and relationship to the policyholder, if you’re not the policyholder.
  • Identification information - national insurance number, passport number, tax identifiers or driving licence number.
  • Information about your job - job title, your status as a director or partner, employment history, education history and professional accreditations.
  • Information which is relevant to your insurance policy - details of previous insurance policies and claims history. This will depend on the type of policy you hold with us. For example, if you hold a household policy, we may collect and use information which relates to your property or if you hold a travel policy, we may collect and use information which relates to your travel plans.
  • Information relevant to any claim you may make. This will depend on the type of claim you make. For example, if you make a claim following a road traffic accident, we may use personal information which relates to your vehicle and named drivers.
  • Financial information - your bank details, payment details and information obtained as part of our credit checks. This may include details of any bankruptcy orders, individual voluntary arrangements or county court judgements.
  • Information, including photographs, we obtain by carrying out checks of publicly available sources such as newspapers and social media sites where we suspect fraudulent activity.
  • Information we obtain from checking sanctions lists, such as those published by United Nations, European Union, UK Treasury, the U.S. Office of Foreign Assets Control (OFAC) and the U.S. Department of Commerce, Bureau of Industry and Security.
  • Information such as IP address and browsing history obtained through our use of cookies. You can find more information about this in our cookies policy which can be found at https://www.hiscox.co.uk/cookies-privacy/cookie-policy.
  • Information we collect during recorded telephone calls.
  • Your marketing preferences and details of your customer experience with us.

What sensitive personal information will we collect?

Information relating to criminal convictions. This includes offences, alleged offences and any court sentence or unspent criminal conviction.

We might also ask for details of your current or former physical or mental health condition. For example, if you hold a travel policy, we may need details about any medical conditions that affect you, or anyone travelling in your group. This may take the form of medical reports or underlying medical data such as x-rays or blood tests.

There may be limited circumstances where we ask for details of your race; ethnicity; religious or philosophical beliefs; political opinions; trade union membership; genetic or biometric data; or data concerning your sex life or sexual orientation if it’s relevant to your policy or claim. For example, we may process information relating to your trade union membership if you take out a policy with us via your trade union body and we may process information relating to your religious beliefs if it’s relevant to your medical treatment.

How will we collect your personal information?

We will collect information directly from you and from the following third parties:

  • the named policyholder, where you are a beneficiary;
  • third parties involved in the relevant insurance policy or claim. This could be our business partners and representatives, brokers or other insurers, claimants, defendants or witnesses to an incident;
  • third parties who provide a service in relation to the relevant insurance policy or claim. This could be loss adjusters, claims handlers, and medical experts;
  • publicly available sources such as internet search engines, the electoral roll, court judgments, insolvency registers, news articles and social media sites;
  • other companies within the Hiscox group;
  • credit reference agencies;
  • financial crime detection agencies and databases. This could include fraud prevention and checking against international sanctions, including the Claims Underwriting Exchange (known as "CUE"), the Insurance Fraud Register, the Insurance Fraud Intelligence Hub (IfiHUB) and the Motor Insurance Database
  • third parties who provide sanctions checking services;
  • government agencies such as the police, the National Crime Agency, the DVLA or HMRC;
  • insurance industry bodies including the Employers’ Liability Tracing Office and the Association of British Insurers;
  • third parties who provide us with details of individuals who have expressed an interest in hearing about insurance products;
  • in limited circumstances, private investigators;
  • third party data suppliers. For example in relation to flood modelling data and property surveys and valuations;
  • third party administrators and suppliers we appoint to help us carry out our everyday business activities This includes IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers, our subcontractors and tax advisers;
  • our own websites; and
  • selected third parties in connection with any sale, transfer or disposal of our business.

What will we use your personal information for?

We may use your information for a number of different purposes. For each purpose we must have a “legal basis” to use your personal information. 

The legal Basis’ we rely on to process your personal data are:

  • We need to use your personal information to set up and administer the contract with you. This is known as to perform a contract with you. For example, we need to use your personal information to provide you with a quote or to provide your insurance policy and other associated products, like legal expenses cover. We will rely on this for activities like assessing your application, managing your insurance policy, handling claims and providing other products to you.
  • We have a legal or regulatory obligation to use your personal information. For example, our regulators require us to hold certain records.
  • We have a legitimate interest to use your personal information. We will rely on this for activities such as maintaining our business records, training and quality assurance, and developing and improving our products and services.
  • We may use your personal data where it is necessary to protect your vital interests. For example, in relation to a kidnap claim.
  • When you have provided your consent to our use of your personal information for example, in relation to your marketing preferences.

When processing your “sensitive personal information", we must have an additional “legal basis". We will rely on the following legal basis when we process your "sensitive personal information":

  • We need to use your sensitive personal information for an insurance purpose and there is a substantial public interest in using your data this way. This includes assessing your insurance application, managing claims and preventing and detecting fraud.
  • We need to use your sensitive personal information to comply with or help someone else comply with a regulatory requirement relating to unlawful acts and dishonesty and there is a substantial public interest in using your data this way.
  • We need to use your sensitive personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
  • We need to use your sensitive personal information to prevent or detect crime and there is a substantial public interest in using your data this way. This might happen when we are investigating allegations of insurance fraud.
  • We need to safeguard your economic well-being. For example, to record information that you have a vulnerability we should be aware of. 
  • Where it is necessary for us to protect your vital interests. For example, in relation to a kidnap claim.
  • You have provided your explicit consent to us to use your sensitive personal information for specific purposes.

You will find further details of our "legal grounds" for each of our processing purposes set out below.

Purpose for processingLegal grounds for using your personal informationLegal grounds for using your sensitive personal information
To carry out fraud, credit and anti-money laundering checks.

It is necessary to enter into or perform your insurance contract.

We have a relevant legal or regulatory obligation.

Legitimate interests (to prevent fraud and other financial crime).

Such use is necessary for insurance purposes.

It is necessary to prevent or detect crime.

Such use is necessary to comply with regulatory requirements relating to unlawful acts and dishonesty.

We need to establish, exercise or defend legal rights.

You have given us your explicit consent.

To prevent fraud. 

To evaluate your insurance application or renewal and provide you with a quote.

It is necessary to enter into or perform your insurance contract.

We have a relevant legal or regulatory obligation.

Legitimate interests (to assess your insurance application and manage the application process).

Such use is necessary for insurance purposes.

You have given us your explicit consent.

To administer your insurance contract including taking payments and making changes where requested or necessary.

It is necessary to enter into or perform your insurance contract.

We have a relevant legal or regulatory obligation.

Legitimate interests (to administer your insurance contract).

Such use is necessary for insurance purposes.

You have given us your explicit consent.

To manage insurance claims.

It is necessary to perform your insurance contract.

We have a relevant legal or regulatory obligation.

Legitimate interests (to assess and pay your claim and manage the claims process).

Such use is necessary to protect your vital interests.

Such use is necessary for insurance purposes.

We need to use your information in order to establish, exercise or defend our legal rights.

Such use is necessary to protect your vital interests.

You have given us your explicit consent.

To prevent and investigate fraud and other crime.

It is necessary to enter into or perform your insurance contract.

We have a relevant legal or regulatory obligation.

Legitimate interests (to prevent and detect fraud and other financial crime).

Such use is necessary for insurance purposes.

It is necessary to prevent or detect crime.

Such use is necessary to comply with regulatory requirements relating to unlawful acts and dishonesty.

We need to use your information in order to establish, exercise or defend our legal rights.

You have given us your explicit consent.

To prevent fraud. 

To communicate with you and resolve any complaints that you might have.

It is necessary to enter into or perform your insurance contract.

We have a relevant legal or regulatory obligation.

Legitimate interests (to send you communications, record and investigate complaints and ensure that future complaints are handled appropriately).

Such use is necessary for insurance purposes.

We need to use your information in order to establish, exercise or defend our legal rights.

You have given us your explicit consent.

To comply with our legal or regulatory obligations.We have a relevant legal or regulatory obligation.

Such use is necessary for insurance purposes.

Such use is necessary to comply with regulatory requirements relating to unlawful acts and dishonesty.

We need to use your information in order to establish, exercise or defend our legal rights.

To prevent fraud.

You have given us your explicit consent.

To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers, or carrying out customer satisfaction surveys).Legitimate interests (to develop and improve the products and services we offer).

Such use is necessary for insurance purposes.

You have given us your explicit consent.

To enable us to manage our business operations, such as by maintaining accounting records, carrying out analysis of financial results, using information to meet internal audit requirements, and receiving professional advice (e.g. tax or legal advice).

Legitimate interests (to effectively manage our business).

We have a relevant legal or regulatory obligation.

Such use is necessary for insurance purposes.

We need to use your information in order to establish, exercise or defend our legal rights.

You have given us your explicit consent.

For insurance risk modelling and product and pricing refinement.Legitimate interests (to develop and improve the products and services we offer).

Such use is necessary for insurance purposes.

You have given us your explicit consent.

To apply for and claim on our insurance.Legitimate interests (to ensure that we have appropriate insurance in place).

Such use is necessary for insurance purposes.

We need to use your information in order to establish, exercise or defend legal rights.

You have given us your explicit consent.

To carry out marketing analysis, customer segmentation and campaign planning.

You have given us your explicit consent.

Legitimate interests (to plan our marketing activities).

Not applicable.
To provide marketing information to you in accordance with preferences you have expressed.

You have given us your explicit consent.

Legitimate interests (to send you selected communications about other products and services we offer).

Not applicable
To buy or sell group companies or to restructure our business.

Legitimate interests (to buy or sell group companies or to restructure our business).

We have a relevant legal or regulatory obligation.

Such use is necessary for insurance purposes.

You have given us your explicit consent.

To enable you to participate in a prize draw, competition or complete a survey.

 

 

It is necessary to enter into or perform a contract with you.

Legitimate interests (to offer and administer prize draws and competition and conduct surveys to better understand our customers needs). 

Not applicable. 

To identify and protect vulnerable customers.

 

 

It is necessary to enter into or perform your insurance contract.

Legitimate interests (to protect customers).  

 

Such use is necessary for insurance purposes.

To safeguard economic well-being. 

 

You have given us your explicit consent.

 

Who will we share your personal information with?

We may share your personal information with the other companies within the Hiscox group or with third parties. We will keep your personal information confidential and only share it with the third parties listed below for specific purposes.

If you would like further information about how we share your personal information, please contact us using the details in the “Contact us” section.

There may be circumstances where we will share your personal information with:

  • other companies in the Hiscox group, including where:
    - one of our group companies is placing your insurance policy with another group company;
    - one of our group companies is unable to provide you with an insurance policy but another might be able to assist you;
    - we are arranging our own insurance;
    - it is necessary for our business administration purposes;
    - we are using information for the prevention or detection of fraud or other crime; or
    - we need to report information within our group of companies.
  • our insurance and reinsurance partners such as brokers, other (re)insurers or other companies who act as (re)insurance distributors;
  • other third parties who assist in the administration of your insurance policy or claim, such as loss adjusters, claims handlers, accountants, auditors, banks, lawyers, building regulations checking companies and other experts including medical experts;
  • companies who provide you with certain services such as home emergency cover and legal expenses cover;
  • our regulators;
  • other insurers;
  • fraud detection agencies and other third parties who operate and maintain fraud detection registers or undertake investigations in cases of suspected insurance fraud. This includes the Insurance Fraud Register, the Insurance Fraud Intelligence Hub (IfiHUB) and the Motor Insurance Database;
  • the police and other third parties, such as banks or other insurance companies;
  • other insurers who provide our own insurance;
  • industry bodies, such as the Association of British Insurers, Lloyd’s Market Association and Employers’ Liability Tracing Office;
  • credit referencing agencies and third parties who carry out sanctions checks on our behalf;
  • our third-party service providers, such as IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers, outsourced procurement service providers, our subcontractors and tax advisers; third parties who handle our direct marketing and market research on our behalf. This includes, for example, the inclusion or suppression of your personal information from our contact lists, sending marketing communications, and analysis of responses to our marketing communications;
  • social media sites and marketing analytics providers.  This includes Facebook, to carry out marketing and Google so we can see how effective our marketing is for different types of advertising;
  • selected third parties in connection with any sale, transfer or disposal of our business; 
  • where necessary, courts and other alternative dispute resolution providers such as arbitrators, mediators and the Financial Ombudsman Service.
     

Third party claimant under a Hiscox Insurance policy

This section will apply if you make a claim in relation to a third party who has a Hiscox insurance policy. For example, if you are involved in a road traffic accident with a third party who is insured by us. If this information is needed for legal reasons, we will tell you this at the time of collection.

What personal information will we collect?

  • General information such as your name, address, contact details, date of birth, nationality and gender.
  • Identification information such as your national insurance number, passport number, tax identifiers or driving licence number.
  • Information about your job including job title, your status as a director or partner, employment history, education history and professional accreditations.
  • Information relevant to your claim. This will depend on the type of claim you make. For example, if you make a claim following a road traffic accident, we may ask for personal information that relates to your vehicle and any named drivers.
  • Information relating to previous insurance policies or claims.
  • Financial information such as your bank details and payment details.
  • Information, which may include photographs, we obtain by carrying out checks of publicly available sources such as newspapers and social media sites if we suspect fraudulent activity.
  • Details of conversations and correspondence made or received with you. 
  • Information we obtain as part of checking sanctions lists.
  • Information such as IP address and browsing history obtained through our use of cookies. You can find more information about this in our cookies policy which can be found at https://www.hiscox.co.uk/cookies-privacy/cookie-policy.
  • Information obtained during telephone recordings.

What sensitive personal information will we collect?

Information relating to your criminal convictions, including offences and alleged offences and any court sentence or unspent criminal conviction.

Details of your current or former health condition if it’s relevant. For example, if you are injured while at a property insured by Hiscox, and the owner of the property makes a claim under their insurance policy for your injury.

We may process other sensitive personal information including details of your race; ethnicity; religious or philosophical beliefs; political opinions; trade union membership; genetic or biometric data; or data concerning your sex life or sexual orientation if it’s relevant to your claim. For example, we may process information relating to your religious beliefs if relevant to your medical treatment.

How will we collect your information?

We will collect information directly from you and from the following third parties:

  • the policyholder;
  • third parties involved in the relevant insurance policy or claim. This could be our business partners and representatives, brokers or other insurers, claimants, defendants or witnesses to an incident;
  • third parties who provide a service in relation to the relevant insurance policy or claim. For example, loss adjusters, claims handlers, and medical experts;
  • publicly available sources such as the electoral roll, court judgments, insolvency registers, internet search engines, news articles and social media sites;
  • other companies within the Hiscox group;
  • credit reference agencies;
  • financial crime detection agencies and databases. This includes fraud prevention and checking against international sanctions including the Claims Underwriting Exchange (known as "CUE") the Insurance Fraud Register, the Insurance Fraud Intelligence Hub (IfiHUB) and the Motor Insurance Database;
  • third parties who provide sanctions checking services;
  • government agencies such as the police, the National Crime Agency, the DVLA or HMRC;
  • insurance industry bodies including the Employers’ Liability Tracing Office and the Association of British Insurers;
  • in limited circumstances, private investigators;
  • third party data suppliers. For example in relation to flood modelling data and property surveys and valuations;
  • third party administrators and suppliers we appoint to help us carry out our everyday business activities including IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers, our subcontractors and tax advisers;
  • our own websites; and
  • selected third parties in connection with any sale, transfer or disposal of our business.

What will we use your personal information for?

We use your information for a number of different purposes. For each purpose we must have a “legal basis” to use your personal information in this way. This could be:

  • We have a legal or regulatory obligation to use your personal information. For example, our regulators require us to hold certain records. 
  • We have a legitimate interest to use your personal information. We will rely on this for activities such as maintaining our business records, training and quality assurance, and developing and improving our products and services.
  • You have provided your consent to use your personal information.

When processing your “sensitive personal information", we must have an additional “legal basis". We will rely on the following legal basis when we process your "sensitive personal information":

  • We need to use your sensitive personal information for an insurance purpose and there is a substantial public interest in using it this way. This includes managing claims and preventing and detecting fraud.
  • We need to use your sensitive personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings, want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
  • We need to use your sensitive personal information to prevent or detect crime and there is a substantial public interest in using it this way. This might happen when we are investigating allegations of insurance fraud.
  • We need to use your sensitive personal information to comply with or help someone else comply with a regulatory requirement relating to unlawful acts and dishonesty and there is a substantial public interest in using it this way.
  • We need to safeguard your economic well-being. For example, to record information to flag that you have a vulnerability we should be aware of.
  • You have provided your explicit consent to our use of your sensitive personal information.

You will find further details of our "legal grounds" for each of our processing purposes set out below.

Purpose for processingLegal grounds for using your personal informationLegal grounds for using your sensitive personal information
To comply with our legal or regulatory obligations.

Legitimate interest (to comply with our legal and regulatory obligations).

We have a relevant legal or regulatory obligation.

Such use is necessary for insurance purposes.

Such use is necessary to comply with regulatory requirements relating to unlawful acts and dishonesty.

You have given us your explicit consent.

We need to use your information in order to establish, exercise or defend legal rights.

To write insurance policies and for claims handling.Legitimate interest (to effectively write policies and manage claims).Not applicable.
For relationship and business development purposes.Legitimate interest (relationship management and business analysis).Not applicable.
To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers).Legitimate interest (to develop and improve the products and services we offer).Not applicable.
To manage and handle any queries you may have.Legitimate interest (to effectively manage our business and respond to queries).Not applicable.

To enable you to participate in a prize draw, competition or complete a survey.

 

 

Legitimate interests (to offer and administer prize draws and competition and conduct surveys to better understand our broker partner needs).Not applicable. 

Who will we share your personal information with?

We may share your personal information with the other companies in our group or with third parties. We will keep your personal information confidential and only share it with the third parties listed below for the purposes we’ve set out.

If you would like further information about how we share your information, please contact us using the details in the “Contact us” section.

Where relevant, we will share your personal information with:

  • other companies in the Hiscox group, including where:
    - we’re arranging our own insurance;
    - it’s necessary for our business administration purposes;
    - we’re using information for the prevention or detection of fraud or other crime; or
    -we need to report information within our group of companies.
  • our insurance and reinsurance partners such as brokers, other (re)insurers or other companies who act as (re)insurance distributors;
  • other third parties who help us administer your insurance claim. This could be loss adjusters, claims handlers, accountants, auditors, banks, lawyers and other experts including medical experts;
  • companies who provide you with certain services such as home emergency cover and legal expenses cover;
  • our regulators;
  • other insurers;
  • fraud detection agencies and other third parties who operate and maintain fraud detection registers or undertake investigations in cases of suspected insurance fraud. This includes the Insurance Fraud Register, the Insurance Fraud Intelligence Hub (IfiHUB) and the Motor Insurance Database;
  • the police and other third parties, such as banks or other insurance companies;
  • other insurers who provide our own insurance;
  • industry bodies, for example, the Association of British Insurers, Lloyd’s Market Association or Employers’ Liability Tracing Office;
  • credit referencing agencies and third parties who carry out sanctions checks on our behalf;
  • our third-party services providers, such as IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers, outsource procurement service providers, our subcontractors and tax advisers;
  • selected third parties in connection with any sale, transfer or disposal of our business; or
  • where necessary, courts and other alternative dispute resolution providers, such as arbitrators, mediators and the Financial Ombudsman Service.

Third party under a commercial insurance policy or an insurance policy we provide to another insurer

This section will apply if your information is processed in relation to a commercial insurance policy held by a third party. For example, if you are a member of the crew on a ship or aircraft which we insure, or if your information is processed in relation to an insurance policy that we provide to another insurer. If we need your information for legal or contractual reasons, we will tell you when we collect it.

What personal information will we collect?

  • General information such as your name, address, contact details, date of birth, nationality and gender.
  • Identification information such as your national insurance number, passport number, tax identifiers or driving licence number.
  • Information about your job including job title, your status as a director or partner, employment history, education history and professional accreditations.
  • Information relevant to any claim made.
  • Information relating to previous insurance policies or claims.
  • Financial information such as your bank details and payment details.
  • Details of conversations and correspondence made or received with you. 
  • Information, including photographs, obtained by carrying out checks of publicly available sources such as newspapers and social media sites if we suspect fraudulent activity.
  • Information we obtain by checking sanctions lists.
  • Information such as IP address and browsing history obtained through our use of cookies. You can find more information about this in our cookies policy which can be found at https://www.hiscox.co.uk/cookies-privacy/cookie-policy.
  • Information obtained during telephone recordings.

What sensitive personal information will we collect?

Information relating to criminal convictions, including offences and alleged offences and any court sentence or unspent criminal conviction.

Details of your current or former health condition, if relevant. For example, if you are injured whilst at a property insured by Hiscox, and the owner of the property makes a claim under their insurance policy in relation to your injury.

We may process other sensitive personal information including details of your race; ethnicity; religious or philosophical beliefs; political opinions; trade union membership; genetic or biometric data; or data concerning your sex life or sexual orientation if it’s relevant to the policy. For example, we may process information relating to your religious beliefs if it’s relevant as part of your medical treatment.

How will we collect your information?

We will collect information directly from you and from the following third parties:

  • the policyholder;
  • third parties involved in the relevant insurance policy or claim. This could be our business partners and representatives, brokers or other insurers, claimants, defendants or witnesses to an incident;
  • third parties who provide a service in relation to the insurance policy or claim. For example, loss adjusters, claims handlers, and medical experts;
  • publicly available sources such as the electoral roll, court judgments, insolvency registers, internet search engines, news articles and social media sites;
  • other companies within the Hiscox group;
  • credit reference agencies;
  • financial crime detection agencies and databases for fraud prevention and checking against international sanctions. This includes the Claims Underwriting Exchange (known as "CUE") the Insurance Fraud Register, the Insurance Fraud Intelligence Hub (IfiHUB) and the Motor Insurance Database;
  • third parties who provide sanctions checking services;
  • government agencies such as the police, the National Crime Agency, the DVLA or HMRC;
  • insurance industry bodies including the Employers’ Liability Tracing Office and the Association of British Insurers;
  • in limited circumstances, private investigators;
  • third party data suppliers, for example in relation to flood modelling data and property surveys and valuations;
  • third party administrators and suppliers that help us carry out our everyday business activities including IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers, our subcontractors and tax advisers;
  • our own websites; and
  • selected third parties in connection with any sale, transfer or disposal of our business.

What will we use your personal information for?

We use your information for a number of different purposes. For each purpose we must have a “legal basis” to use your personal information. This could be:

  • We have a legal or regulatory obligation to use your personal information. For example, our regulators require us to hold records.
  • We have a "legitimate interest" to use your personal information. We will rely on this for activities such as maintaining our business records, training and quality assurance, and developing and improving our products and services.
  • We need to use the data to protect your vital interests. For example, in relation to a kidnap claim.
  • You have provided your consent to use your personal information.

When processing your “sensitive personal information", we must have an additional “legal basis". We will rely on the following legal basis when we process your "sensitive personal information":

  • We need to use your sensitive personal information for an insurance purpose and there is a substantial public interest in using it this way. For example, for assessing your insurance application, managing claims and preventing and detecting fraud.
  • We need to use your sensitive personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves, or when we are investigating a legal claim that a third party brings against you.
  • We need to use your sensitive personal information to prevent or detect crime and there is a substantial public interest in using it this way. This might happen when we are investigating allegations of insurance fraud.
  • We need to use your sensitive personal information to comply with, or help someone else comply with, a regulatory requirement relating to unlawful acts and dishonesty and there is a substantial public interest in using it this way.
  • Using your data is necessary to protect your vital interests. For example, in relation to a kidnap claim.
  • You have provided your explicit consent to use your sensitive personal information.

You will find further details of our "legal grounds" for each of our processing purposes set out below.

Purpose for processingLegal grounds for using your personal informationLegal grounds for using your sensitive personal information
To carry out fraud, credit and anti-money laundering checks.

We have a relevant legal or regulatory obligation.

Legitimate interests (to prevent fraud and other financial crime).

Such use is necessary for insurance purposes.

It is necessary to prevent or detect crime.

Such use is necessary to comply with regulatory requirements relating to unlawful acts and dishonesty.

We need to establish, exercise or defend legal rights.

You have given us your explicit consent.

To prevent fraud.

To manage any claims you make under the relevant Hiscox insurance policy.

We have a relevant legal or regulatory obligation.

Legitimate interests (to assess and pay your claim and manage the claims process).

Such use is necessary for insurance purposes.

We need to establish, exercise or defend legal rights.

Such use is necessary to protect your vital interests.

You have given us your explicit consent.

To comply with our legal or regulatory obligations.We have a relevant legal or regulatory obligation.

Such use is necessary for insurance purposes.

Such use is necessary to comply with regulatory requirements relating to unlawful acts and dishonesty.

We need to use your information in order to establish, exercise or defend our legal rights.

You have given us your explicit consent.

To communicate with you and resolve any complaints that you might have.

We have a relevant legal or regulatory obligation.

Legitimate interests (to send you communications, record and investigate complaints and ensure that future complaints and handled appropriately).

Such use is necessary for insurance purposes.

We need to use your information in order to establish, exercise or defend our legal rights.

You have given us your explicit consent.

To prevent and investigate fraud and other crime.

We have a relevant legal or regulatory obligation.

Legitimate interests (to prevent and detect fraud and other financial crime).

Such use is necessary for insurance purposes.

It is necessary to prevent or detect crime.

Such use is necessary to comply with regulatory requirements relating to unlawful acts and dishonesty.

We need to use your information in order to establish, exercise or defend our legal rights.

You have given us your explicit consent.

To prevent fraud. 

To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers).Legitimate interests (to develop and improve the products and services we offer).

Such use is necessary for insurance purposes.

You have given us your explicit consent.

To enable us to manage our business operations, such as by maintaining accounting records, carrying out analysis of financial results, using information to meet internal audit requirements, and receiving professional advice (e.g. tax or legal advice).

Legitimate interests (to effectively manage our business).

We have a relevant legal or regulatory obligation.

Such use is necessary for insurance purposes.

We need to use your information in order to establish, exercise or defend our legal rights.

You have given us your explicit consent.

For insurance risk modelling and product and pricing refinement.Legitimate interests (to develop and improve the products and services we offer).

Such use is necessary for insurance purposes.

You have given us your explicit consent.

To buy or sell group companies or to restructure our business.

Legitimate interests (to buy or sell group companies or to restructure our business).

We have a relevant legal or regulatory obligation.

Such use is necessary for insurance purposes.

You have given us your explicit consent.

Who will we share your personal information with?

We may share your personal information with the other companies in our group or with third parties. We will keep your personal information confidential and only share it with the third parties listed below. 

If you would like further information about how we share your personal information, please contact us using the details in the “Contact us” section.

We may share your personal information with:

  • other companies in the Hiscox group, including where:
    - one of our group companies is placing the insurance policy with another group company;
    - one of our group companies is unable to provide the insurance policy but another might be able to assist;
    - we’re arranging our own insurance;
    - it’s necessary for our business administration purposes;
    - we’re using information for the prevention or detection of fraud or other crime; or
    - we need to report the information within our group of companies.
  • our insurance and reinsurance partners such as brokers, other (re)insurers or other companies who act as (re)insurance distributors;
  • other third parties who help us administer your insurance policy or claim, this could be loss adjusters, claims handlers, accountants, auditors, banks, lawyers and other experts including medical experts;
  • our regulators;
  • other insurers;
  • fraud detection agencies and other third parties who operate and maintain fraud detection registers or undertake investigations in cases of suspected insurance fraud. This includes the Insurance Fraud Register, the Insurance Fraud Intelligence Hub (IfiHUB) and the Motor Insurance Database;
  • the police and other third parties, such as banks or other insurance companies;
  • other insurers who provide our own insurance;
  • industry bodies such as the Association of British Insurers, Lloyd’s Market Association or Employers’ Liability Tracing Office;
  • credit referencing agencies and third parties who carry out sanctions checks on our behalf;
  • our third-party services providers, such as IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers, outsourced procurement services providers, our subcontractors and tax advisers;
  • selected third parties in connection with any sale, transfer or disposal of our business; or
  • where necessary, courts and other alternative dispute resolution providers such as arbitrators, mediators and the Financial Ombudsman Service.

Witnesses to an incident

This section applies if you are a witness to an incident where we are involved in managing the claim. Where your information is legally required, we will tell you when we collect it.

What personal information will we collect?

  • General information such as your name, address, contact details, date of birth, nationality and gender.
  • Identification information such as your national insurance number, passport number, tax identifiers or driving licence number.
  • Information relevant to the incident that you have witnessed.
  • Details of conversations and correspondence made or received with you.

What sensitive personal information will we collect?

Depending on the nature of the incident you have witnessed, and only if relevant, we may collect information relating to your criminal convictions, including offences and alleged offences and any court sentence or unspent criminal conviction, or details of your current or former physical or mental health condition.

We may process other sensitive personal information including details of your race; ethnicity; religious or philosophical beliefs; political opinions; trade union membership; genetic or biometric data; or data concerning your sex life or sexual orientation if relevant to your role as a witness.

How will we collect your information?

We will collect information directly from you and from the following third parties:

  • third parties involved in the incident you witnessed. This could be brokers or other insurers, claimants, defendants or other witnesses;
  • other third parties who provide a service in relation to the claim which relates to the incident you witnessed. For example, loss adjusters, claims handlers, and experts;
  • publicly available sources such as the electoral roll, court judgments, insolvency registers, insurance industry databases, internet search engines, news articles and social media sites; and
  • other companies within the Hiscox group.

What will we use your personal information for?

We may use your information for a number of different purposes. For each purpose we must have a “legal basis” to use your personal information in this way. This could be:

  • We have a legal or regulatory obligation to use your personal information. For example, our regulators require us to hold certain records of our dealings with you.
  • We have a legitimate interest to use your personal information. We will rely on this for activities such as maintaining our business records, training and quality assurance, and developing and improving our products and services.
  • You have provided your consent to use your personal information.

When processing your “sensitive personal information", we must have an additional “legal basis". We will rely on the following legal basis when we process your "sensitive personal information":

  • We need to use your sensitive personal information for an insurance purpose and there is a substantial public interest in using it this way. This includes assessing your insurance application, managing claims and preventing and detecting fraud.
  • We need to use your sensitive personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
  • We need to use your sensitive personal information to prevent or detect crime and there is a substantial public interest in using it this way. This might happen when we are investigating allegations of insurance fraud.
  • We need to use your sensitive personal information to comply with or help someone else comply with a regulatory requirement relating to unlawful acts and dishonesty and there is a substantial public interest in using it this way.
  • You have provided your explicit consent using your sensitive personal information.

You will find further details of our "legal grounds" for each of our processing purposes set out below.

Purpose for processingYour personal informationLegal grounds for using your sensitive personal information
To investigate and manage claims made under an insurance policy.

We have a relevant legal or regulatory obligation.

Legitimate interest (to assess and pay claims and manage the claims process).

Such use is necessary for insurance purposes.

We need to use your information in order to establish, exercise or defend our legal rights.

You have given us your explicit consent.

To enable us to manage our business operations, such as by maintaining accounting records, carrying out analysis of financial results, using information to meet internal audit requirements, and receiving professional advice (e.g. tax or legal advice).Legitimate interest (to effectively manage our business).

Such use is necessary for insurance purposes.

You have given us your explicit consent.

To comply with our legal or regulatory obligations.

Legitimate interest (to comply with our legal and regulatory obligations).

We have a relevant legal or regulatory obligation.

Such use is necessary for insurance purposes.

Such use is necessary to comply with regulatory requirements relating to unlawful acts and dishonesty.

You have given us your explicit consent.

We need to use your information in order to establish, exercise or defend legal rights.

To prevent fraud. 

To prevent and investigate fraud and other crime.

We have a relevant legal or regulatory obligation.

Legitimate interest (to prevent and detect fraud and other financial crime).

Such use is necessary for insurance purposes.

It is necessary to prevent or detect crime.

Such use is necessary to comply with regulatory requirements relating to unlawful acts and dishonesty.

We need to use your information in order to establish, exercise or defend our legal rights.

You have given us your explicit consent.

To prevent fraud. 

To communicate with you (and resolve any complaints that you might have.

We have a relevant legal or regulatory obligation.

Legitimate interest (to send you communications, record and investigate complaints and ensure that future complaints and handled appropriately).

Such use is necessary for insurance purposes.

We need to use your information in order to establish, exercise or defend our legal rights.

You have given us your explicit consent.

To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers).Legitimate interest (to develop and improve the products and services we offer).

Such use is necessary for insurance purposes.

You have given us your explicit consent.

To buy or sell group companies or to restructure our business.

Legitimate interest (to buy or sell group companies or to restructure our business).

We have a relevant legal or regulatory obligation.

Such use is necessary for insurance purposes.

You have given us your explicit consent

Who will we share your personal information with?

We may share your personal information with the other companies in our group or with third parties. We will keep your personal information confidential and only share it with the third parties listed below.

If you would like more information about how we share your information, please contact us using the details in the “Contact us” section.

We may share your personal information with:

  • other companies in the Hiscox group, including where:
    - we are arranging our own insurance;
    - it’s necessary for our business administration purposes;
    - we’re using information for the prevention or detection of fraud or other crime; or
    - we need to report information within our group of companies.
  • our insurance and reinsurance partners such as brokers, other (re)insurers or other companies who act as (re)insurance distributors;
  • other third parties who assist in the administration of the insurance policy or claim, such as loss adjusters, claims handlers, accountants, auditors, banks, lawyers and other experts including medical experts;
  • our regulators;
  • other insurers;
  • fraud detection agencies and other third parties who operate and maintain fraud detection registers or undertake investigations in cases of suspected insurance fraud. This can include the Insurance Fraud Register, the Insurance Fraud Intelligence Hub (IfiHUB) and the Motor Insurance Database;
  • the police and other third parties. For example, banks or other insurance companies;
  • other insurers who provide our own insurance;
  • industry bodies. For example, the Association of British Insurers, Lloyd’s Market Association or Employers’ Liability Tracing Office;
  • credit referencing agencies and third parties who carry out sanctions checks on our behalf;
  • our third-party services providers, this includes IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers and tax advisers;
  • selected third parties in connection with any sale, transfer or disposal of our business; or
  • where necessary, courts and other alternative dispute resolution providers. For example, arbitrators, mediators and the Financial Ombudsman Service.

Brokers, appointed representatives and other business partners

This section will apply if you are a broker doing business with us, an appointed representative or other business partner such as an introducer or supplier. Where providing information is legally or contractually required, we’ll tell you when we collect the information.

What personal information will we collect?

  • General information such as your name, address, contact details, date of birth, nationality and gender.
  • Information about your job such as job title, your status as a director or partner, employment history, education history and professional accreditations.
  • Information which we obtain as part of checking sanctions lists.
  • Details of conversations and correspondence made or received with you. 
  • Other information, including publicly available information, obtained as part of our due diligence checks.

What sensitive personal information will we collect?

Information relating to criminal convictions. This includes offences and alleged offences and any court sentence or unspent criminal conviction.

How will we collect your information?

As well as obtaining information directly from you, we will collect information from:

  • Invoices, contracts, policies, correspondence and business cards.
  • Other Hiscox group companies.
  • Publicly available sources such as the electoral roll, court judgments, insolvency registers, internet search engines.
  • From service providers who carry out sanction’s checks.

What will we use your personal information for?

We use your information for a number of different purposes. For each purpose we must have a “legal basis” to use your personal information. This could be:

  • We have a legal or regulatory obligation to use your personal information. For example, our regulators require us to hold certain records.
  • We have a legitimate interest to use your personal information. We will rely on this to maintain our business records, training and quality assurance, and developing and improving our products and services.
  • You have provided your consent to use your personal information.

When the information that we process is classed as “sensitive personal information", we must have an additional “legal basis". We will rely on the following legal basis when we process your "sensitive personal information":

  • We need to use your sensitive personal information for an insurance purpose and there is a substantial public interest in using it this way. This includes assessing your insurance application, managing claims and preventing and detecting fraud.
  • We need to use your sensitive personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves.
  • We need to use your sensitive personal information to prevent or detect crime and there is a substantial public interest in using it this way. This might happen when we are investigating allegations of insurance fraud.
  • We need to use your sensitive personal information to comply with or help someone else comply with a regulatory requirement relating to unlawful acts and dishonesty and there is a substantial public interest in using it this way.

You will find further details of our "legal grounds" for each of our processing purposes set out below.

Purpose for processingLegal grounds for using your personal informationLegal grounds for using your sensitive personal information
To comply with our legal or regulatory obligations.

Legitimate interest (to comply with our legal and regulatory obligations).

We have a relevant legal or regulatory obligation.

Such use is necessary for insurance purposes.

Such use is necessary to comply with regulatory requirements relating to unlawful acts and dishonesty.

You have given us your explicit consent.

We need to use your information in order to establish, exercise or defend legal rights.

To write insurance policies and for claims handling.Legitimate interest (to effectively write policies and manage claims).Not applicable.
For relationship and business development purposes.Legitimate interest (relationship management and business analysis).Not applicable.
To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers).Legitimate interest (to develop and improve the products and services we offer).Not applicable.
To manage and handle any queries you may have.Legitimate interest (to effectively manage our business and respond to queries).Not applicable.

To enable you to participate in a prize draw, competition or complete a survey.

 

 

Legitimate interests (to offer and administer prize draws and competition and conduct surveys to better understand our broker partner needs).Not applicable. 

Who will we share your personal information with?

We will keep your personal information confidential and only share it for the purposes outlined about where necessary with:

  • Other companies in the Hiscox group including where:
    - we are arranging our own insurance;
    - it’s necessary for our business administration purposes;
    - we’re using your information for the prevention or detection of fraud or other crime; or
    - we need to report information within our group of companies.
  • our other insurance and reinsurance partners such as brokers, other (re)insurers or other companies who act as (re)insurance distributors;
  • our regulators;
  • fraud detection agencies and other third parties who operate and maintain fraud detection registers or undertake investigations in cases of suspected insurance fraud. This includes the Insurance Fraud Register, the Insurance Fraud Intelligence Hub (IfiHUB) and the Motor Insurance Database;
  • the police and other third parties where necessary for the prevention or detection of crime. For example, banks or other insurance companies;
  • other insurers who provide our own insurance;
  • industry bodies. For example, the Association of British Insurers, Lloyd’s Market Association or Employers’ Liability Tracing Office;
  • credit referencing agencies and third parties who carry out sanctions checks on our behalf;
  • our third-party services providers, which include IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers and tax advisers; or
  • third parties who handle our direct marketing on our behalf. This includes, inclusion or suppression of your personal information from our contact lists, sending marketing communications, and analysis of responses to our marketing communications.
  • Third parties who may contact you to take part in research to improve our products and services. 

We would like to keep you informed about products or services which may be of interest to you. We may do this by post, email, telephone or other electronic methods such as text message. 

If you wish to opt out of marketing, you may do so at any time by clicking on the "unsubscribe" link that appears in all emails or tell us when we call you. Otherwise, you can always contact us using the details in the “Contact us” section to update your marketing preferences.

Even if you opt out of receiving marketing messages, we may still send you information relating to your policy, information about any services you are entitled to or regulatory communications where necessary.

To help us understand the products and services which may interest you, we gain information from other sources such as marketing partners, companies who provide consumer classification, market segmentation and lifestyle data for marketing purposes. We use this information to help us plan our marketing and advertising activities.

We will only keep your personal information for as long as we need it, to fulfil all the types of processing set out in this notice. We are also required to keep certain information to comply with our legal and regulatory obligations.

The exact time period will depend on your relationship with us the type of personal information we hold and our purpose for retaining the data. For example, if you take out an insurance policy with us, we will typically keep your personal information for 7 years after the policy has finished.

If you would like further information regarding the periods for which your personal information will be stored, please contact us using the details in the “Contact us” section.

We, or third parties acting on our behalf, may store or process personal information that we collect about you in countries located outside of the United Kingdom ("UK"). Depending on our relationship and your particular circumstances, we may transfer personal information anywhere in the world. 

Where we make a transfer of your personal information outside of the UK we will make sure it is protected. We will do this using a number of different methods, including putting in place appropriate contractual protections which have been approved by the data protection authorities. 

If you would like further information regarding the steps we take to safeguard your personal information, please contact us using the details in the “Contact us” section.

Profiling

We provide insurance by modelling or profiling how likely an event leading to a claim is likely to occur. We will use the information you provide with the information provided by third party sources to assess the likelihood of a claim being made and how much it might cost, and use that assessment to decide whether or not to offer you insurance and at what price.

Insurance application and pricing

For certain policy types we use an automated underwriting engine to process the personal information you provide to us for your insurance application, together with information obtained from third party sources to calculate the cost of your insurance. This could be flood risk information for home insurance policies. 

Other information may also be used to calculate your premium, for example the use of any specialist devices we may have provided to you as a benefit of your policy, as well as any policy history you have with us. This information is required to provide you with an appropriate policy premium.

Fraud prevention

We may use profiling to assess the probability that claims may be fraudulent or inaccurate. We use your personal information to evaluate and predict risks and outcomes.

Marketing

We may use profiling to determine which products and benefits may interest you most. We may also use your personal information and profile to help us to improve our marketing materials, targeting and customer journeys.

We analyse our customers to determine common characteristics and preferences. We do this by considering various types of information which may include: your location, demographic information, such as your age or job title, alongside additional policy information. These characteristics and preferences help us to understand our customers, as well as sending you appropriate communications.

Automated decision making

Like many insurers, sometimes we make decisions using solely automated means. This automated process is often used to assist us predict the likelihood of events such a claim being made and its value or help us identify potential fraud. This helps us efficiently set premium prices which are appropriate for the insurance being provided. For example, an automated process may provide a home insurance policy price based on your postcode, risk of flooding and local crime rate.

The majority of automated decisions we make will be necessary to in order to provide you with a policy or benefit. If not, we will ask for your consent before making any automated decisions which have a legal or substantially similar effect on you.

Where we make an automated decision, you may request a review of that decision by a member of our team. We will consider your comments and review the decision.

Data analysis and artificial intelligence

We constantly strive to improve our processes and insurance offering. We may use technologies driven by data analysis and artificial intelligence to support our existing activities. Artificial intelligence is an umbrella term for a range of technologies that replace manual processes and solve complex tasks by carrying out functions that previously required human action. We may also use the data that we hold to train these types of tools. 

These technologies help us to:

  • communicate with and support our customers more effectively;
  • ensure our business operates as efficiently as possible;
  • improve our data quality and accuracy;
  • better understand our customer's needs and target our advertising and marketing activities; 
  • automate certain business activities so that we can spend more time offering greater value; 
  • make sure our underwriting, pricing and claims processes are as effective as possible; and
  • better identify insurance fraud.

We will only use these technologies for the data processing purposes set out in this notice. We will implement appropriate checks and balances to make sure that any such technology operates as intended and does not cause unfair or bias outcomes.

Under data protection law you have certain rights in relation to the personal information that we hold about you. There will not usually be a charge for dealing with these requests. You may exercise these rights at any time by contacting us using the details in the “Contact us” section.

Please note:

  • the rights set out below do not apply in all circumstances;
  • in some cases we may not be able to comply with your request. For example, where there is a conflict with our own obligations to comply with other legal or regulatory requirements. However, we will always respond to any request you make and if we can't comply with your request, we’ll tell you why.
  • in some circumstances exercising some of these rights, such as the right to erasure or the right to restrict processing, will mean we are unable to continue providing you with insurance and may therefore result in its cancellation. You will therefore lose the right to bring any claim or receive any benefit, including in relation to any event that occurred before you exercised your right of erasure, if our ability to handle the claim has been prejudiced. Your policy terms and conditions set out what will happen in the event your policy is cancelled.

Your rights include:

  • The right to access your personal information

You are entitled to a copy of the personal information we hold about you and certain details of how we use it.

Your information will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible.

  • The right to rectification

We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.

  • The right to erasure

In certain circumstances, you have the right to ask us to erase your personal information. For example where the personal information we collected is no longer necessary for the original purpose or, where we are relying on consent as our legal basis, you withdraw your consent. However, this will need to be balanced against other factors. For example, we may have legal and regulatory obligations which mean we cannot comply with your request.

  • The right to restriction of processing

In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to use your personal information.

  • The right to data portability

In certain circumstances, you have the right to ask that we transfer personal information that you have provided to us to another third party of your choice.

  • The right to object to marketing

You can ask us to stop sending you marketing messages at any time. You can do this either by clicking on the "unsubscribe" button in any email that we send to you, or you can contact us using the details in the “Contact us” section. Even if you opt out of receiving marketing messages, we will still send you necessary communications relating to your policy or service we provide.

  • Rights to object

You have a right to object to an automated decision in certain circumstances.

Where we process your personal information based on legitimate interests, you can object to this processing. In such cases, we will assess your objection against our legitimate interests.

  • The right to withdraw consent

For certain uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information.

For some purposes, we need your consent to provide your policy. If you withdraw your consent, we may need to cancel your policy or be unable to pay your claim. We will advise you of this at the point you seek to withdraw your consent.

Withdrawing consent will not affect the lawfulness of our processing based on your consent that occurred before the withdrawal.

  • The right to lodge a complaint with the ICO

You have a right to complain to the Information Commissioner's Office (ICO) if you believe that any use of your personal information by us is in breach of applicable data protection laws and regulations. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/

Making a complaint will not affect any other legal rights or remedies that you have.

If you would like further information or have any other questions about how we collect, store or use your personal information, you may contact us by telephoning 01904 681198, by e-mailing us at [email protected] or writing to us at Data Protection Officer, Hiscox, 22 Bishopsgate, London, EC2N 4BQ.

We may need to make changes to this notice, for example, as the result of changes to law, technologies, or other developments. This privacy notice is also subject to compliance audits across our supply chain which may result in changes. Where we make substantial changes to this notice we will provide you with an updated copy. You can also check our website periodically to view the most up-to-date notice.

This notice was last updated on: 3 July 2024